[FEAT] Full function and deployed version

2026-02-19 15:15:58 +01:00
parent e7c4768589
commit cf0db69f2d
24 changed files with 6949 additions and 69 deletions
--- a/partitions/src/lib/api.ts
+++ b/partitions/src/lib/api.ts
@@ -3,10 +3,10 @@ import { auth } from '$lib/stores/auth';
 import { browser } from '$app/environment';
 import { get } from 'svelte/store';

-// Use environment variable or default to localhost
-const API_BASE_URL = browser 
-	? (import.meta.env.VITE_API_URL || 'http://localhost:8000')
-	: (import.meta.env.VITE_API_URL || 'http://localhost:8000');
+const API_BASE_URL_LOCAL = 'http://localhost:8000';
+const API_BASE_URL_PROD = 'https://ohmj-api.c.nadal-fr.com';
+
+const API_BASE_URL = browser ? API_BASE_URL_PROD : API_BASE_URL_LOCAL;

 const api = axios.create({
 	baseURL: API_BASE_URL,
@@ -28,7 +28,8 @@ api.interceptors.request.use((config) => {
 api.interceptors.response.use(
 	(response) => response,
 	(error: AxiosError) => {
-		if (error.response?.status === 401) {
+		// Only logout on actual 401 from the server, not network/CORS errors
+		if (error.response?.status === 401 && !error.message?.includes('Network Error')) {
 			auth.logout();
 			if (browser) {
 				window.location.href = '/';
@@ -110,9 +111,11 @@ export const apiService = {
 	},

 	getDownloadUrl(path: string): string {
-		// Security: Token is now passed via Authorization header, not URL
-		// The backend will read the token from the header in the request
-		return `${API_BASE_URL}/download/${path}`;
+		// Pass token in URL for direct browser access (PDF viewer, iframe, etc.)
+		// Safe over HTTPS
+		const authState = get(auth);
+		const token = authState.token ? encodeURIComponent(authState.token) : '';
+		return `${API_BASE_URL}/download/${path}?token=${token}`;
 	},

 	// New method to download with proper auth header
@@ -128,8 +131,8 @@ export const apiService = {
 		return response.data;
 	},

-	async updateScore(id: string, name: string, compositor: string): Promise<{ success: boolean; error?: string }> {
-		const response = await api.put(`/admin/scores/${id}`, { name, compositor });
+	async updateScore(id: string, name: string, compositor: string, ressource: string = ''): Promise<{ success: boolean; error?: string }> {
+		const response = await api.put(`/admin/scores/${id}`, { name, compositor, ressource });
 		return response.data;
 	},

@@ -151,7 +154,7 @@ export const apiService = {
 		
 		const response = await api.post(`/admin/scores/${scoreId}/upload`, formData, {
 			headers: {
-				'Content-Type': 'multipart/form-data'
+				'Content-Type': undefined
 			}
 		});
 		return response.data;
--- a/partitions/src/lib/components/PdfViewer.svelte
+++ b/partitions/src/lib/components/PdfViewer.svelte
@@ -3,7 +3,7 @@
 	import * as pdfjsLib from 'pdfjs-dist';
 	import { api } from '$lib/api';

-	pdfjsLib.GlobalWorkerOptions.workerSrc = '/pdf.worker.min.mjs';
+	pdfjsLib.GlobalWorkerOptions.workerSrc = '/pdf.worker.min.js';

 	interface Props {
 		pdfUrl: string;
@@ -34,9 +34,9 @@
 		loading = true;
 		error = '';
 		try {
-			// Load PDF via axios to include auth token
-			const path = pdfUrl.split('/download/')[1];
-			const response = await api.get(`/download/${path}`, {
+			// pdfUrl already contains the full URL with token
+			// Use it directly with axios
+			const response = await api.get(pdfUrl, {
 				responseType: 'blob'
 			});
 			const blob = new Blob([response.data], { type: 'application/pdf' });